Detecting and Closing Gateways of Security Breaches
VerifiedAdded on 2019/09/16
|10
|2569
|610
Report
AI Summary
This report outlines the proposed plan to detect and prevent security breaches in USA Medical Care Organization (USA MCO). The plan incorporates HIPAA standards, including administrative, physical, and technical safeguards. It also outlines individual roles and responsibilities to minimize data breach risks. The report emphasizes the importance of following strict security protocols to protect confidential healthcare-related data.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
HEALTH DATA BREACH RESPONSE PLAN
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Executive Summary
The following report is a proposed plan to be submitted to the CEO regarding the detection of
health data breach and neutralize the same. It has included the plan that has been formulated by
the Chief Privacy officer or CPO of the USA Managed Care Organization or USA MCO to deal
with any cyber security related threat in future. This has included the Identification of data
breaches in health care organizations along with the steps to do the same. It has also discussed
the annual schedule to conduct training regarding data safety and different people that will be
involved in it. It has also mentioned the contents of training and the resources to be used to
achieve the same. This has been followed by the incorporation of Health Insurance Portability
and Accountability Act in the proposed plan and the agenda that includes the incorporation of the
responsibilities that are to be held by every single person to stop health care data breach.
The following report is a proposed plan to be submitted to the CEO regarding the detection of
health data breach and neutralize the same. It has included the plan that has been formulated by
the Chief Privacy officer or CPO of the USA Managed Care Organization or USA MCO to deal
with any cyber security related threat in future. This has included the Identification of data
breaches in health care organizations along with the steps to do the same. It has also discussed
the annual schedule to conduct training regarding data safety and different people that will be
involved in it. It has also mentioned the contents of training and the resources to be used to
achieve the same. This has been followed by the incorporation of Health Insurance Portability
and Accountability Act in the proposed plan and the agenda that includes the incorporation of the
responsibilities that are to be held by every single person to stop health care data breach.
Table of Contents
Introduction......................................................................................................................................4
Identification of Data Breaches in a Healthcare organization.........................................................4
Annual Schedule for Conducting Risk Analysis.............................................................................5
Data security checklist for risk analysis..........................................................................................6
Resources to be used to notify data breach......................................................................................7
Incorporation of HIPAA standards in the proposed plan................................................................7
Agenda for incorporating individual’s role.....................................................................................7
Conclusion.......................................................................................................................................7
Reference List..................................................................................................................................8
Introduction......................................................................................................................................4
Identification of Data Breaches in a Healthcare organization.........................................................4
Annual Schedule for Conducting Risk Analysis.............................................................................5
Data security checklist for risk analysis..........................................................................................6
Resources to be used to notify data breach......................................................................................7
Incorporation of HIPAA standards in the proposed plan................................................................7
Agenda for incorporating individual’s role.....................................................................................7
Conclusion.......................................................................................................................................7
Reference List..................................................................................................................................8
Introduction
The healthcare industry in the modern times has tremendously progressed from using paper work
for data and record keeping to the usage of computers and internet based servers. In the recent
few years, there has been a tremendous increase in the usage of cloud computing to store and
retain the data related to the healthcare domain including the USA Managed Care Organization
or the USA MCO. This includes the storage of the confidential data related to the patients as well
as the classified official documents. However, with the increase of the dependence of the various
fields including healthcare on the Information Technology based services, the risk of the server
security breaches increases gradually (Braunstein, 2016, p. 96). The following report is about the
plan that has been formulated after the case of security breach regarding the health data. The
problem statement of this report is to analyze the potential security risks to this healthcare group
and propose a data response plan in case there is any attempt to breach the cyber security of the
organization.
Identification of Data Breaches in a Healthcare organization
As per to Fowler (2016, p. 61), it is very important to ensure that there are adequate security
detection modules and monitoring tools that can constantly track the traffic that is taking place at
any server. For this purpose the monitoring tool of the healthcare data and information storage
hub has been planned to be designed in a much advanced manner. Following are the steps that
have been followed to make the security system more efficient than ever before.
Step 1: A notification for any type of security breach has been planned that will raise a
distinguished dialogue box on the screen along with an alarm inside the cyber security cell of the
Information Technology wing of our organization. In response to this, our organization’s cyber
cell will block all the gateways that are available to enter the next layer of security. Moreover, a
notification of the same will be sent to the patient through short message service and email.
Step 2: In the second step, the Internet Protocol Addresses or the IP Addresses will be tracked by
our monitoring team along with the types of devices that have been used for the security breach
purpose. As mentioned by Rihari-Thomas et al. (2017, p. 4), IP Address is the most crucial
element to find out the source of attack. Moreover, the team will also track the locations from
where the attempt of breach has been made along with the specific role performed by each
system.
The healthcare industry in the modern times has tremendously progressed from using paper work
for data and record keeping to the usage of computers and internet based servers. In the recent
few years, there has been a tremendous increase in the usage of cloud computing to store and
retain the data related to the healthcare domain including the USA Managed Care Organization
or the USA MCO. This includes the storage of the confidential data related to the patients as well
as the classified official documents. However, with the increase of the dependence of the various
fields including healthcare on the Information Technology based services, the risk of the server
security breaches increases gradually (Braunstein, 2016, p. 96). The following report is about the
plan that has been formulated after the case of security breach regarding the health data. The
problem statement of this report is to analyze the potential security risks to this healthcare group
and propose a data response plan in case there is any attempt to breach the cyber security of the
organization.
Identification of Data Breaches in a Healthcare organization
As per to Fowler (2016, p. 61), it is very important to ensure that there are adequate security
detection modules and monitoring tools that can constantly track the traffic that is taking place at
any server. For this purpose the monitoring tool of the healthcare data and information storage
hub has been planned to be designed in a much advanced manner. Following are the steps that
have been followed to make the security system more efficient than ever before.
Step 1: A notification for any type of security breach has been planned that will raise a
distinguished dialogue box on the screen along with an alarm inside the cyber security cell of the
Information Technology wing of our organization. In response to this, our organization’s cyber
cell will block all the gateways that are available to enter the next layer of security. Moreover, a
notification of the same will be sent to the patient through short message service and email.
Step 2: In the second step, the Internet Protocol Addresses or the IP Addresses will be tracked by
our monitoring team along with the types of devices that have been used for the security breach
purpose. As mentioned by Rihari-Thomas et al. (2017, p. 4), IP Address is the most crucial
element to find out the source of attack. Moreover, the team will also track the locations from
where the attempt of breach has been made along with the specific role performed by each
system.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Step 3: The cyber cell of our organization will further confirm whether the attempt made was
unintentional and accidental or was it a planned and intended one. The types of hacking tools,
cheat codes and classified commands used for hacking along with the different software that
have been employed for the purpose will be evaluated by the cyber cell.
Step 4: In the next step, a Three point system has been designed that will measure the level of
impact that has been experienced by the data storage cloud or hard servers of our organization.
This will also track the actions that have been or will be taken to fix the damage caused at every
level of impact. As per to Patrick & Fields (2017, p. 43), the measurement of the level of impact
is very necessary to detect the loopholes inside the existing security system.
Step 5: This step will include the steps to be incorporated in case of an emergency. This involves
the closing of the internet gateways of all the levels and blocks any further attempts. The
Distributed Denial of Service prevention team will differentiate between genuine requests and
the requests made by auto bots. In case of the latter, the requests will be diverted towards a
different gateway. In addition, the security and firewalls have been made much more efficient to
kill the malware and other spam or viral commands.
Step 6: In the sixth step, the measures that have been taken to prevent the security breach will be
tested and monitored. According to Belyaev et al. (2016, p. 5), the proper testing and
performance, tracking is very essential as it ensures the credibility of the newly designed system.
Hence, the cyber cell of USA MCO has designed a testing process where the security measures
and some dummy segments of classified healthcare data will be subjected to external attacks and
the security system will try to prevent them. The results will be recorded and the procedure will
be repeated where the level of intensity of the attacks will gradually increase. If at any point the
system is found to be compromising, the level of security will be enhanced.
Step 7: The clients that are availing the health care services from USA Managed Care
Organization, will be notified in the final steps through emails and SMS regarding the whole
incident. Unlike the first step, where the patients and clients were notified of the security breach
as a warning message, the final step will let the clients know the details about the whole incident
cycle including the breach attempts that occurred and security preventions that have been
performed.
unintentional and accidental or was it a planned and intended one. The types of hacking tools,
cheat codes and classified commands used for hacking along with the different software that
have been employed for the purpose will be evaluated by the cyber cell.
Step 4: In the next step, a Three point system has been designed that will measure the level of
impact that has been experienced by the data storage cloud or hard servers of our organization.
This will also track the actions that have been or will be taken to fix the damage caused at every
level of impact. As per to Patrick & Fields (2017, p. 43), the measurement of the level of impact
is very necessary to detect the loopholes inside the existing security system.
Step 5: This step will include the steps to be incorporated in case of an emergency. This involves
the closing of the internet gateways of all the levels and blocks any further attempts. The
Distributed Denial of Service prevention team will differentiate between genuine requests and
the requests made by auto bots. In case of the latter, the requests will be diverted towards a
different gateway. In addition, the security and firewalls have been made much more efficient to
kill the malware and other spam or viral commands.
Step 6: In the sixth step, the measures that have been taken to prevent the security breach will be
tested and monitored. According to Belyaev et al. (2016, p. 5), the proper testing and
performance, tracking is very essential as it ensures the credibility of the newly designed system.
Hence, the cyber cell of USA MCO has designed a testing process where the security measures
and some dummy segments of classified healthcare data will be subjected to external attacks and
the security system will try to prevent them. The results will be recorded and the procedure will
be repeated where the level of intensity of the attacks will gradually increase. If at any point the
system is found to be compromising, the level of security will be enhanced.
Step 7: The clients that are availing the health care services from USA Managed Care
Organization, will be notified in the final steps through emails and SMS regarding the whole
incident. Unlike the first step, where the patients and clients were notified of the security breach
as a warning message, the final step will let the clients know the details about the whole incident
cycle including the breach attempts that occurred and security preventions that have been
performed.
Annual Schedule for Conducting Risk Analysis
According to Bala et al. (2016, p. 2), the regular practice of the risk analysis is extremely
important. In the modern times, it is very common for a hacker or rogue software developer to
design and find new innovative ways to breach any security of an organization. As a result of
this, the risk of systems getting hacked and data is lost increases. Hence, it is very important to
conduct the risk analysis at a regular interval of time. In addition to this, the training session has
to be conducted separately for different levels of employees and management staff. The regular
conduct of this task ensures that the workers and management are well aware of the security risks
that are there in the internet world (Simpson, 2016, p. 673). Following are the people that will
conduct the training regarding the security of the cyber assets of USA MCO.
Cyber Expert: The cyber security expert of our organization will conduct training where all the
employees will be given basic instruction regarding the security like keeping their system
accessing devices private and keep the password confidential.
Management Team: The management team will ensure that all the instructions are properly
followed by the workers and they will be tested from time to time.
Cyber cell employees: They will get regular training to stay updated with the daily
advancements being made by the hackers to breach the security system and find the adequate
security option to tackle that threat.
The duration of the training will be of four hours, which will be conducted in two segments of
two hours each with a thirty minutes interval in between. As mentioned by Hardy et al. (2016,
p.3), the training should be conducted once in every three months. Hence it has been decided that
the training will be conducted every quarter (You've Had A Health Data Breach - Now What? -
The Compliance And Ethics Blog, 2017).
Data security checklist for risk analysis
These are the checklists that will be formed to identify the nature of threat. The major type of
threat is the human threat. This is when a cyber hacker makes an attempt to breach our system.
There are technical threats also where the data leak can occur due to technical glitches caused
due to auto bots or virtual bots. Following are the things that will be focused on while preparing
the checklist.
According to Bala et al. (2016, p. 2), the regular practice of the risk analysis is extremely
important. In the modern times, it is very common for a hacker or rogue software developer to
design and find new innovative ways to breach any security of an organization. As a result of
this, the risk of systems getting hacked and data is lost increases. Hence, it is very important to
conduct the risk analysis at a regular interval of time. In addition to this, the training session has
to be conducted separately for different levels of employees and management staff. The regular
conduct of this task ensures that the workers and management are well aware of the security risks
that are there in the internet world (Simpson, 2016, p. 673). Following are the people that will
conduct the training regarding the security of the cyber assets of USA MCO.
Cyber Expert: The cyber security expert of our organization will conduct training where all the
employees will be given basic instruction regarding the security like keeping their system
accessing devices private and keep the password confidential.
Management Team: The management team will ensure that all the instructions are properly
followed by the workers and they will be tested from time to time.
Cyber cell employees: They will get regular training to stay updated with the daily
advancements being made by the hackers to breach the security system and find the adequate
security option to tackle that threat.
The duration of the training will be of four hours, which will be conducted in two segments of
two hours each with a thirty minutes interval in between. As mentioned by Hardy et al. (2016,
p.3), the training should be conducted once in every three months. Hence it has been decided that
the training will be conducted every quarter (You've Had A Health Data Breach - Now What? -
The Compliance And Ethics Blog, 2017).
Data security checklist for risk analysis
These are the checklists that will be formed to identify the nature of threat. The major type of
threat is the human threat. This is when a cyber hacker makes an attempt to breach our system.
There are technical threats also where the data leak can occur due to technical glitches caused
due to auto bots or virtual bots. Following are the things that will be focused on while preparing
the checklist.
● Categories of attacks: This will classify the cyber threat into technical, natural,
environmental or human threat based on the nature of attack that has occurred. The
Information Technology cell will monitor the incoming attacks and detect their types.
● Influencing Potential: This part of the checklist will consist of the level of influence or
impact that the attack can cause on our organization's server. This will also predict the
likeliness probability of the same attack (Simpson, 2016, p. 674).
Resources to be used to notify data breach
There is a combination of hard and soft resources to ensure that any attempt made to breach the
security is properly noted and adequate response is given against these happenings. Following
are the resources involved.
● Software module: This will detect the breach and close the gateways.
● Alarms: This will alert the authorities regarding the incident.
● Communication Systems: These systems will send automatic messages to the clients via
emails and SMS (Fowler, 2016, p. 5).
Incorporation of HIPAA standards in the proposed plan
The proposed plan strictly follows the security standards safeguards that have been mentioned by
the Health Insurance Portability and Accountability Act of United States of America that was
incorporated in 1996. Following are the different types of standards that have been followed.
● Administrative Safeguards: The data will be properly maintained and administered in a
safe and secure environment. Any operation on the data will be made with the consent of
the patient.
● Physical Safeguards: The physical security of the hard data storage hub will be
primarily focused upon. There will be a separate team that will be assigned for this task
that will ensure that only the authorized personnel get the access.
● Technical Safeguards: The technical devices involved in the security will be adequately
checked and recalibrated at a regular interval. This will ensure that all the electronic and
software related components are functioning properly (Security Breach Response Plan
Toolkit, 2017).
environmental or human threat based on the nature of attack that has occurred. The
Information Technology cell will monitor the incoming attacks and detect their types.
● Influencing Potential: This part of the checklist will consist of the level of influence or
impact that the attack can cause on our organization's server. This will also predict the
likeliness probability of the same attack (Simpson, 2016, p. 674).
Resources to be used to notify data breach
There is a combination of hard and soft resources to ensure that any attempt made to breach the
security is properly noted and adequate response is given against these happenings. Following
are the resources involved.
● Software module: This will detect the breach and close the gateways.
● Alarms: This will alert the authorities regarding the incident.
● Communication Systems: These systems will send automatic messages to the clients via
emails and SMS (Fowler, 2016, p. 5).
Incorporation of HIPAA standards in the proposed plan
The proposed plan strictly follows the security standards safeguards that have been mentioned by
the Health Insurance Portability and Accountability Act of United States of America that was
incorporated in 1996. Following are the different types of standards that have been followed.
● Administrative Safeguards: The data will be properly maintained and administered in a
safe and secure environment. Any operation on the data will be made with the consent of
the patient.
● Physical Safeguards: The physical security of the hard data storage hub will be
primarily focused upon. There will be a separate team that will be assigned for this task
that will ensure that only the authorized personnel get the access.
● Technical Safeguards: The technical devices involved in the security will be adequately
checked and recalibrated at a regular interval. This will ensure that all the electronic and
software related components are functioning properly (Security Breach Response Plan
Toolkit, 2017).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Agenda for incorporating individual’s role
This part will specify the responsibilities of every individual and worker associated with our
organization. A set of instructions very similar to those given in the training will be stated in this
agenda so that the chances of breach of data can be minimized as much as possible.
Conclusion
The above report has mentioned the details of steps that will be followed to detect and avoid any
type of security breach in the USA MCO. All the details have been stated regarding every
parameter that is to be considered in order to make the storage and operations of confidential
health care related data safe and secure.
This part will specify the responsibilities of every individual and worker associated with our
organization. A set of instructions very similar to those given in the training will be stated in this
agenda so that the chances of breach of data can be minimized as much as possible.
Conclusion
The above report has mentioned the details of steps that will be followed to detect and avoid any
type of security breach in the USA MCO. All the details have been stated regarding every
parameter that is to be considered in order to make the storage and operations of confidential
health care related data safe and secure.
Reference List
Book
Fowler, K. (2016). Data Breach Preparation and Response: Breaches are Certain, Impact is
Not. Syngress.
Websites
Security Breach Response Plan Toolkit. (2017). Iapp.org. Retrieved 7 June 2017, from
https://iapp.org/resources/article/security-breach-response-plan-toolkit/
You've Had a Health Data Breach - Now What? - The Compliance and Ethics Blog. (2017). The
Compliance and Ethics Blog. Retrieved 7 June 2017, from
http://complianceandethics.org/youve-health-data-breach-now/
Online Articles
Braunstein, A. (2016). Standing Up For Their Data: Recognizing the True Nature of Injuries in
Data Breach Claims to Afford Plaintiffs Article III Standing. Journal of Law and Policy, 24(1),
3. Available at: http://brooklynworks.brooklaw.edu/cgi/viewcontent.cgi?
article=1503&context=jlp. [Retrieved on 7th June 2017]
Belyaev, K., Sun, W., Ray, I., & Ray, I. (2016). On the design and analysis of protocols for
Personal Health Record storage on Personal Data Server devices. Future Generation Computer
Systems. Available at:
https://www.researchgate.net/profile/Kirill_Belyaev/publication/303543585_On_the_Design_an
d_Analysis_of_Protocols_for_Personal_Health_Record_Storage_on_Personal_Data_Server_Dev
ices/links/58a771a0aca27206d9ac3ed8/On-the-Design-and-Analysis-of-Protocols-for-Personal-
Health-Record-Storage-on-Personal-Data-Server-Devices.pdf [Retrieved on 7th June 2017]
Simpson, M. D. (2016). All Your Data are Belong to Us: Consumer Data Breach Rights and
Remedies in an Electronic Exchange Economy. U. Colo. L. Rev., 87, 669. Available at:
http://lawreview.colorado.edu/wp-content/uploads/2016/03/13.-87.2-Simpson_Final.pdf
[Retrieved on 7th June 2017]
Journals
Hardy, L. J., Hughes, A., Hulen, E., & Schwartz, A. L. (2016). Implementing Qualitative Data
Management Plans to Ensure Ethical Standards in Multi-Partner Centers. Journal of Empirical
Research on Human Research Ethics, 11(2), 191-198.
Book
Fowler, K. (2016). Data Breach Preparation and Response: Breaches are Certain, Impact is
Not. Syngress.
Websites
Security Breach Response Plan Toolkit. (2017). Iapp.org. Retrieved 7 June 2017, from
https://iapp.org/resources/article/security-breach-response-plan-toolkit/
You've Had a Health Data Breach - Now What? - The Compliance and Ethics Blog. (2017). The
Compliance and Ethics Blog. Retrieved 7 June 2017, from
http://complianceandethics.org/youve-health-data-breach-now/
Online Articles
Braunstein, A. (2016). Standing Up For Their Data: Recognizing the True Nature of Injuries in
Data Breach Claims to Afford Plaintiffs Article III Standing. Journal of Law and Policy, 24(1),
3. Available at: http://brooklynworks.brooklaw.edu/cgi/viewcontent.cgi?
article=1503&context=jlp. [Retrieved on 7th June 2017]
Belyaev, K., Sun, W., Ray, I., & Ray, I. (2016). On the design and analysis of protocols for
Personal Health Record storage on Personal Data Server devices. Future Generation Computer
Systems. Available at:
https://www.researchgate.net/profile/Kirill_Belyaev/publication/303543585_On_the_Design_an
d_Analysis_of_Protocols_for_Personal_Health_Record_Storage_on_Personal_Data_Server_Dev
ices/links/58a771a0aca27206d9ac3ed8/On-the-Design-and-Analysis-of-Protocols-for-Personal-
Health-Record-Storage-on-Personal-Data-Server-Devices.pdf [Retrieved on 7th June 2017]
Simpson, M. D. (2016). All Your Data are Belong to Us: Consumer Data Breach Rights and
Remedies in an Electronic Exchange Economy. U. Colo. L. Rev., 87, 669. Available at:
http://lawreview.colorado.edu/wp-content/uploads/2016/03/13.-87.2-Simpson_Final.pdf
[Retrieved on 7th June 2017]
Journals
Hardy, L. J., Hughes, A., Hulen, E., & Schwartz, A. L. (2016). Implementing Qualitative Data
Management Plans to Ensure Ethical Standards in Multi-Partner Centers. Journal of Empirical
Research on Human Research Ethics, 11(2), 191-198.
Bala, H., Venkatesh, V., Venkatraman, S., & Bates, J. (2016). If the worst happens: five
strategies for developing and leveraging information technology-enabled disaster response in
healthcare. IEEE journal of biomedical and health informatics, 20(6), 1545-1551.
Rihari-Thomas, J., DiGiacomo, M., Phillips, J., Newton, P., & Davidson, P. M. (2017). Clinician
Perspectives of Barriers to Effective Implementation of a Rapid Response System in an
Academic Health Centre: A Focus Group Study. International Journal on Health Policy
Management, 6(3) 102-113
Patrick, H., & Fields, Z. (2017). A Need for Cyber Security Creativity. In Collective Creativity
for Responsible and Sustainable Business Practice. IGI Global, 12(7) 42-61.
strategies for developing and leveraging information technology-enabled disaster response in
healthcare. IEEE journal of biomedical and health informatics, 20(6), 1545-1551.
Rihari-Thomas, J., DiGiacomo, M., Phillips, J., Newton, P., & Davidson, P. M. (2017). Clinician
Perspectives of Barriers to Effective Implementation of a Rapid Response System in an
Academic Health Centre: A Focus Group Study. International Journal on Health Policy
Management, 6(3) 102-113
Patrick, H., & Fields, Z. (2017). A Need for Cyber Security Creativity. In Collective Creativity
for Responsible and Sustainable Business Practice. IGI Global, 12(7) 42-61.
1 out of 10
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.